1 Nov
2013
1 Nov
'13
3:03 a.m.
Mark Andrews wrote:
That said it is possible to completely automate the secure assignment of PTR records. It is also possible to completely automate the secure delegation of the reverse name space. See http://tools.ietf.org/html/draft-andrews-dnsop-pd-reverse-00
It is a lot simpler and a lot more practical just to use shared secret between a CPE and a ISP's name server for TSIG generation. As the secret can be directly shared end to end, it is more secure than DNSSEC involving untrustworthy third parties. Masataka Ohta